Will Microsoft ever bother to squash this security bug?

There's a zero-day security flaw in Internet Explorer that's been known for at least the last 7 months, yet Microsoft has yet to release a patch. Perhaps it never will -- after all, IE8 is the last version of Microsoft's browser to support Windows XP, which itself is now an unsupported operating system. Alternately, Microsoft might just be having a really tough time with this one -- the Redmond outfit doesn't have a whole lot to say on the matter.

Previously, Chrome OS devices were guaranteed four years’ worth of software support

Google has updated its Chrome OS End of Life (EOL) policy, extending the minimum EOL term to five years. Many Chrome OS device owners have already received an email apprising them of the change from the search engine giant.

SanDisk's first attempt at offering a self encrypting SSD

If you take a look at SanDisk's product portfolio, you'll find a range of memory and storage devices, including various solid state drives. However, one thing you wouldn't have found prior to today is a self-encrypting SSD line. With the introduction of the SanDisk X300s, the company now has one to offer corporate environments in need of secure storage -- healthcare and financial services are two industries that come to mind.

AOL today said it's investigating a "security incident" involving unauthorized access to its network and systems that resulted in the possible theft of user data, including email addresses, postal addresses, address book contact information, encrypted passwords, encrypted answers to security questions that AOL asks when a user resets his or her password, and certain employee information.

All versions affected

Microsoft has warned Internet Explorer users of a remote code execution vulnerability (CVE-2014-1776 ) that is present in versions 6 through 11. The company is aware of limited, targeted attacks aimed at exploiting the vulnerability, the Redmond outfit said in a security advisory issued on Saturday.

Here come the conspiracy theories

After more than 12 years of service, Microsoft finally pulled the plug on Windows XP by ceasing to support the operating system last week. However, Microsoft did promise to keep doling out updates for its Microsoft Security Essentials (MSE) software, including the version that runs on XP, but in doing so, the Redmond outfit only made things worse. That's because the latest MSE update is causing some XP machines to freeze up and run slow.

New security measures keeps your installed Android apps in check

It's not unusual for a malicious Android app to sneak into Google Play, though they're obviously much more prevalent from third-party sources, especially from sketchy areas of the web. To help protect users from falling prey to an app's malicious intentions, Google is rolling out a new enhancement to its security scheme that will examine an app's behavior after it's been installed.

A so-called "mega breach" can be worth as much as 50 smaller attacks

Large scale cyber attacks are on the rise, says security firm Symantec, which dubbed 2013 "Year of the Mega Breach." According to Symantec, there's a significant shift taking place in how cybercriminals operate. Rather than go in for quick hits with small rewards, cybercriminals are seeing the financial benefit in plotting bigger attacks months in advance. A single mega breach, as Symantec calls these attacks, can yield the same reward as 50 small scale attacks.

Website owners far and wide scramble to fix a major vulnerability

This has been one of the busier weeks in recent history for IT workers and web admins. Earlier this week, researchers discovered a major flaw in OpenSSL, an open source encryption technology that's utilized by an estimated two-third of the world's websites. They're calling it "Heartbleed." By exploiting the bug, cybercriminals can comb through a server's memory and pluck sensitive user data, including usernames, passwords, credit card numbers, and more.

Highest number of valid bug reports came from India, followed by the U.S. and Brazil

Facebook on Friday published an update on the progress of its four-year-old bug bounty program, revealing that it paid out $1.5 million in bounties last year to take the program’s lifetime payouts beyond $2 million.